Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledge Base
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Columbus Signals Image Artist
Downloads
Downloads
Community
Support Forums Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

LDAP Group Synchronization Methods

Rich Talbot
  • Updated
Date Posted:
Product: TIBCO Spotfire®

Problem:

LDAP Group Synchronization Methods


Solution:

When enabling Group Synchronization on your Spotfire Server configuration, there are multiple methods of specifying which groups should be synchronized in the 'Group synchronization' > 'Groups' section of your LDAP configuration. Often the groups will be explicitly listed but there are multiple methods for also matching multiple groups which can simplify your configuration.

Example syntax:
These are the different methods available for specifying which groups to synchronize:

  • Group account DN (distinguished name) - Matches: Single group
  • Group account name - Matches: Single group
  • Group account name with * wildcard - Matches: All matched groups
  • Group context name - Matches: All groups under the specified context
  • Empty group list - Matches: All groups under the 'Context Names' as defined in the LDAP configuration


Here is a detailed description of each option:

Explicit group account DN (distinguished name)
Enter the full DN for each group to be synchronized. For example:
  • CN=mySpotfireGroup1,OU=myGroups,DC=myDomain,DC=com

Group account name
Enter just the group account name for each group to be synchronized. This will be the value of the the 'Group name attribute' of your group. For example:
  • mySpotfireGroup1
This would match the group 'mySpotfireGroup1' where the attribute set in 'Group name attribute' is equal to 'mySpotfireGroup1'.  The 'Group name attribute' is defined in the group synchronization configuration:

Example: This would match the group mySpotfireGroup1 if it has an attribute 'sAMAccountName' which equals exactly 'mySpotfireGroup'.


Group account name with * wildcard
Enter the group account name including * as a wildcard to synchronize multiple groups who match the pattern. For example:
  • mySpotfireGroup*
This will search the 'Group name attribute' for all objects within the defined 'Context Names' that match the 'Group search filter' (like: objectClass=group). This would match all of the following 'Group name attribute' values:
  • mySpotfireGroup1
  • mySpotfireGroup2
  • mySpotfireGroupText
Multiple wildcards can also be used. For example:
  • *Spotfire*

Group context name
Enter just a context name in the 'Groups' list instead of a specific group. This will synchronize all groups under the specified context which match the 'Group search filter'.
For example:
  • OU=myGroups,DC=myDomain,DC=com
This will find all groups under the OU=myGroups,DC=myDomain,DC=com context (including sub-folders) that match the 'Group search filter'.


Empty group list
If group synchronization is enabled but no groups or group context names are entered, then this will synchronize all groups under the 'Context Names' as defined in the LDAP configuration.

 

Additional General Comments:

  • All groups must reside under the contexts defined in the "Context names" section of the LDAP configuration in order to be synchronized.
  • All groups mentioned above must also successfully match the 'Group search filter' query, like: objectClass=group.
Doc: LDAP authentication and user directory settings

Related articles